Be a Rockstar in Context-Aware Security: Turning the Right Security Dials

“Our security goes to 11!” … “Yeah, but the sound sucks!”

Remember in the classic movie This is Spinal Tap when Nigel Tufnel is showing off his new amp, and he’s very impressed with the fact that his dials go beyond the traditional ten all the way to eleven? “Eleven is one more than ten,” he tells us. As any Spinal Tap aficionado will tell you, musicality was not the band’s strong suit … it was volume.

Sometimes security can be a little bit like Nigel’s amp and Spinal Tap’s ear-bleeding sound. We all have various security “dials” that we can adjust as we see fit – turning them up when the risk is highest and down when we’re not so worried about the risk. The problem is that we have lots of dials and often adjust them with no attention to the overall “sound” of the music – the mix can be all off. And our end users, the people that are the whole reason we even provide technology, only care about the way the music sounds – they want to do their jobs as seamlessly and efficiently as possible.

Let me give an example. Let’s say you have three security dials:

  1. Location
  2. Time-of-day
  3. Device being used

Each dial goes all the way to eleven and you can adjust them all independently. So when your security policy dictates that access is only allowed during business hours, when working on-prem, via a company-controlled device, each of the dials can be set to eleven and as long as everyone follows the rules, the actual volume is only sitting around five and the song sounds great.

But what about when something non-standard happens?

Let’s say a legitimate employee needs to access an application that he is approved to access, but needs to do it remotely. Since the location dial is set at 11, anything other than on-prem is going to return an “access denied”. The employee can’t do his job. So if he wants to do it, someone has to intervene and turn the location dial down to an acceptable level so he can get to his stuff. It’s a pain for the employee – having to jump through so many hoops to do his job. And it’s a pain for IT, having to intervene to make it happen. The mix is all wrong and the sound leaves much to be desired.

The same scenario would be repeated if the employee needed to work late or access systems from a device not within the company’s control.

We recently completed a survey of end users and IT professionals asking their opinions, attitudes, and realities on the delicate balance of security vs. user productivity. The results were pretty telling. Most users view IT as much too eager to turn the dial to eleven. And the majority of IT organizations feel trapped in a need to amp up security at the expense of user productivity, because the risk is too high otherwise.

We have a great webcast called Solving the Security/Efficiency Stalemate, where Jackson Shaw, Senior Director of Product Management for the One Identity family of IAM solutions, discusses this delicate balance and the challenges exposed by the survey results. Dimensional Research goes through the more interesting points uncovered in the survey. And finally, Jackson offers some real-world options to overcome these challenges.

If this is something your organization is facing (and I can’t think of any organization not challenged in this area), I invite you to watch the webcast.

And if you want to really dive into the numbers, download the survey results here. Maybe you can get your business productivity cranked up to eleven instead.